LGA Governance Peer Challenge: Huntingdonshire District Council

Huntingdonshire District Council (HDC) invited the LGA to undertake an audit peer challenge in March 2023. Peers made a number of recommendations during the review and the council subsequently developed an action plan to address these. Following growing national interest in local government governance, audit and risk, and the appointment of a new chief executive in October 2023, the council invited the LGA back to review the progress made on their action plan and to provide independent advice on questions raised by the Corporate Governance Committee (CGC) around internal audit and risk. 

Peers immediately recognised the cultural journey HDC has been on over the last two years when the council changed political control from conservative to a joint administration which saw the Independents, Liberal Democrats, Labour, and Green parties combine to lead the council collectively. This was a huge change for both members and officers who had worked in a conservative administration for nearly 50 years. Although the new administration had some experienced councillors, there were many that had never worked in politics, some of whom were selected to be on the executive. It is clear that the new administration hit the ground running and have spent the last two years developing a deeper understanding of the operation of the council, the processes, functions and governance which regulate and control how and what can be delivered. 

The councillor’s peers met and spoke with are clearly passionate about the district and regardless of politics want to deliver the best for their residents. However, it was also clear that they don’t know what they don’t know and would benefit from further training and development and opportunities to look beyond Cambridgeshire to seek out best practice, different models of delivery and new ideas to support them in their running of the council. Peers recommend HDC review all governance, roles and responsibilities and working in a political environment training and development for officers and members. Then develop a four-year programme to include induction, role descriptions and ongoing support to increase knowledge and awareness.

The appointment of a new chief executive has brought a fresh perspective, different skills and experience and an eagerness to drive improvement across the council in line with the administration’s priorities. As a previous monitoring officer, she understands the importance of good governance and the need for transparent decision making, especially in the current climate.

Peers were disappointed that more progress hadn’t been made on the action plan. Through advanced reading and discussions on the day, they felt nine of the 17 recommendations had been completed or were on target to be delivered. They recognised capacity had been an issue and were sympathetic to this but some actions including reviewing the CGC terms of reference, using best practice examples to improve audit reports and conducting an internal and external audit assessment would not have been time consuming and should have been prioritised. Peers recommend HDC accelerate the delivery of actions from the audit peer challenge in March 2023 to ensure all 17 are complete or on course to be completed by May 2024 when the corporate peer challenge takes place. Priority needs to be given to conducting the internal and external assessments.

A new risk management strategy was approved in November 2023. The council wants to use this to drive the internal audit (IA) timetable of reviews. Some no opinion audits, referred to as a position statement and designed to give early advice and guidance have already been carried out and there was some evidence of risk being embedded in service plans along with finance to improve assurance. Peers were supportive of this approach but had concerns about the resources available to deliver. 

The capacity of the IA team is currently reduced, and the risk officer is new to local government and the practice of risk management. Peers recommend the council provides immediate additional senior officer capacity and experience to the internal audit and risk functions to direct and oversee audit and risk development and actions. In parallel, it was recommended that HDC consider an options appraisal for future delivery of internal audit to ensure the council has the capacity, resilience and skills required. 

The current IA reports to CGC are broad, contain information outside the core remit of internal audit services, and lack the detail required for members to see what is on track, overdue, who is responsible and what level of priority is assigned. In order to make them more succinct and purposeful, the content of internal audit reports need to focus on core business, and other senior officers’ reports need to take responsibility for the wider items such as the peer review action plan, governance developments and significant issues and updates. Examples of best practice reporting were previously provided. In addition, peers recommend that a review of the TOR of CGC would also enable the committee to focus on the core business of an “audit committee”, which with more focussed reports to the committee enable them to further enable good governance. 

Peers felt the council would benefit from additional monitoring officer (MO) support, particularly at senior leadership team (SLT) and at committee meetings including the CGC to provide statutory officer advice. This would also support the requirement of wider statutory officer input into corporate reports on governance. Although there was assurance provided to the peer review team that reactive governance advice was available there were questions raised concerning the current shared service arrangements and if they were providing the capacity, accountability and proactive governance leadership required by the council during this period of significant transition. Peers felt consideration should also be given to the MO reporting to the head of paid service to ensure the status and influence of this key statutory role.

There are a number of observations and suggestions within the main section of the report. The following are the peer team’s key recommendations to the council:

Recommendation 1
Accelerate the delivery of actions from the audit peer challenge in March 2023 to ensure all 17 are complete or on course to be completed by May 2024 when the corporate peer challenge takes place. Priority needs to be given to conducting the internal and external assessments.

Recommendation 2
Provide immediate additional senior officer capacity and experience to the internal audit and risk functions to direct and oversee audit and risk development and actions. Alongside this; 

• consider an options appraisal for future delivery of internal audit to ensure the council has the capacity, resilience and skills required. 
• review the content of internal audit reports to ensure they focus on core business, and other senior officer reports take responsibility for the wider items, such as the peer review action plan, governance developments and significant issues and updates.

Recommendation 3
Evaluate the capacity and status of the monitoring officer against the needs of the council to ensure accountability and leadership of governance best practice and statutory compliance in accordance with LGIU and LLG recommendations on the Changing Role of the Monitoring Officer Changing Role of the MO Report. The post would also benefit from reporting to the head of paid service. 

Recommendation 4
Following approval of new terms of reference for the Corporate Governance Committee (CGC) and a review of its membership;

• Conduct a skills audit to support the development of a programme of training and development for members
• Ensure that a development plan is in place to increase the scores of the self-assessment
• Should the model terms of reference be approved, the additional items covered by the CGC (standards, constitution and elections) need to be considered as to where these responsibilities should sit going forward.

Recommendation 5
Review all governance, roles and responsibilities and working in a political environment training and development for officers as well as members. Then develop a four-year programme to include induction, role descriptions and ongoing support to increase knowledge and awareness. 

The peer team

Peer challenges are delivered by experienced elected member and officer peers. The make-up of the peer team reflected the focus of the peer challenge and peers were selected on the basis of their relevant expertise. The peers were:

• Cllr Sally Morgan – Chair of Audit and Governance, Teignbridge District Council 
• Heloise MacAndrew - Director of Law and Governance, Lancashire County Council
• Emma Hodds – Chief of Staff, Broadland and South Norfolk Councils
• Kirsty Human - LGA Peer Challenge Manager

Scope and focus

The council is seeking assurance that internal audit and governance arrangements for internal audit at HDC are appropriate, with particular reference to:

1. Line management responsibilities for risk, internal audit and finance and assurance of the independence of internal audit
2. The extent to which the assurance plan is appropriately informed by risk
3. Corporate capacity for risk strategy and management
4. The effectiveness of the ‘three lines’ individually and collectively
5. The effectiveness of arrangements for risk identification and mitigation
6. The effectiveness and independence of the Corporate Governance Committee including consideration of the committee’s terms of reference.
7. The scope and quality of Head of Internal Audit reports to the Corporate Governance Committee
8. The effectiveness of management’s response to internal audit findings and recommendations
9. Member understanding of the respective roles and responsibilities of members and officers in the context of relevant content within the constitution.

The peer challenge process

Peer challenges are improvement focused; it is important to stress that this was not an inspection. The process is not designed to provide an in-depth or technical assessment of plans and proposals. The peer team used their experience and knowledge of local government to reflect on the information presented to them by people they met, things they saw and material that they read.

The peer team prepared by reviewing a range of documents and information in order to ensure they were familiar with the council and the challenges it is facing. The team then spent one day onsite at Huntingdonshire District Council, during which they:

• Gathered information and views from more than 12 meetings, in addition to further research and reading.
• Spoke to more than 27 people including a range of council staff and elected members.

This report provides a summary of the peer team’s findings. In presenting feedback, they have done so as fellow local government officers and members.

4.1 Line management responsibilities for risk, internal audit and finance and assurance of the independence of internal audit

Within a council structure, there are a number of options for where the internal auditor (IA) can report for management purposes. It is best practice for this to be either the chief executive/head of paid service, the section 151/chief finance officer or the monitoring officer. It is the role of the head of paid service to determine where IA should report depending on individual council circumstances. The Public Sector Internal Audit Standards require the IA to have clear unfettered access to the chief executive/head of paid service, the section 151/chief finance officer, monitoring officer and Audit Committee. 

Through discussions with members and officers, peers identified a need to further clarify the roles and responsibilities of the key statutory officers – often referred to as the golden triangle:

• A head of the paid staff – usually the chief executive (or managing director) who advises councillors on policy, procedure, and legislation.
• A monitoring officer – responsible for advising councillors of the legal framework within which they operate, and for ensuring that they understand if their decisions or actions could lead to a legal challenge or be found to be maladministration. They are also responsible for matters relating to member & officer conduct, the constitution and reporting on illegality.
• A Section 151 officer – usually the director of finance, whose task it is to monitor the financial affairs of the council and to ensure that financial affairs are properly managed.

4.2 The extent to which the assurance plan is appropriately informed by risk 

The audit charter and strategy would also benefit from updating to clearly set out the roles, responsibilities, and reporting lines in relation to risk and governance. This would reduce the risk of ambiguity and ensure everyone had a clear understanding of how the roles work individually and collectively and who to speak to about any concerns. The LGA’s draft improvement and assurance framework for local government provides some helpful guidance on this.  

HDC has a shared legal service with Cambridge City Council and South Cambridgeshire District Council. The monitoring officer (MO) role is shared across two councils with deputy monitoring officers in each authority to oversee the day-to-day operations. In reality this means that the deputy MO at HDC is acting as the defacto MO and sits on the senior leadership team (SLT) in that capacity. As the MO duties are personal to the MO role and cannot be delegated (except in the case of sickness or leave) peers recommended that the council would benefit from additional in person MO support, particularly at SLT and at committee meetings including the CGC to provide legal and governance advice. There is a risk, given the chief executives knowledge and experience that she will fill this void to the detriment of her other roles and responsibilities. Consideration should also be given to the MO reporting to the head of paid service and best practice in relation to the changing role of the MO to ensure capacity and status Changing Role of the MO Report.

In addition to the part time head of internal audit post, there are three other posts - one part time qualified auditor, one part time trainee and one level three apprentice. A new risk officer has only recently been appointed. Peers felt both the internal audit and risk functions would benefit from additional senior support to add capacity, skills and expertise over the short term, to enable delivery of the action plan and implement the council’s new approach to risk management and the actions required in relation to the internal audit service. The existing contract with BDO for IT audits is one option that could be utilised to deliver the more complex audits and provide wider strategic input, but it is recommended that HDC consider all options to increase capacity at pace.

In the longer term, peers suggest the council looks to develop an options appraisal for future delivery of the internal audit service. Options might include keeping the service in house, externalising, sharing with another local authority or a mixture of these. Consideration should be given to all available possibilities. Completing actions 12 (calculation of auditor’s chargeable time and skills audit of the audit team) and 15 (opportunities to carry out data analytics) from the audit review will support the development of this proposal.

The council has a statutory duty to undertake an external quality assessment every five years. The previous audit review recommended this be done following an internal assessment of quality assurance and development of an improvement programme. The internal assessment is likely to take around three days and could be completed by an external provider if capacity is an issue. Peers then recommend the external assessment against the Public Sector Internal Audit Standards (PSIAS) is completed and a draft report available for corporate peer challenge team in May 2024. 

The internal audit annual plan is currently in production, so peers were unable to read and comment on this. 

Peers propose this is an area of work the corporate peer challenge team can explore during their review in May. 

4.3 Corporate capacity for risk strategy and management

4.4 The effectiveness of arrangements for risk identification and mitigation

The council adopted a new Risk Management Strategy on 14th November 2023. Work has begun on aligning the risk register with service plan development and the appointment of a new risk officer is assisting in this. 

The previous audit review recommended that the council conduct a risk maturity assessment. This is not yet completed, and peers recommend it is added to the workplan for the new officer to coordinate.

Peers noted that the new risk officer is a junior appointment only four weeks into role and new to local government and risk. Clearly highly educated, willing and eager to develop the role, peers recommend the post holder undergoes a thorough induction to local government, is able to access wider network support and is provided with training and mentoring. Making more use of the skills and experience in other parts of the council would also help. For example, consider reviewing the management structure around risk and project management to create capacity and resilience to drive the councils risk programme and agenda. 

The corporate risk register is a live document with a large number of risks on it. Peers suggest HDC takes a more detailed look at it to see if there are any changes needed to the scoring which would reduce the number needing corporate oversight. They also noted the need to further develop the corporate risk register action plan with more detail around mitigation measures and action being taken. 

HDC has an electronic system for recording risks. Peers identified a need for the CGC to understand how this risk management system works and be familiar with how risks are escalated to the corporate risk register from the operational space and vies versa.

4.5 The effectiveness of the ‘three lines’ individually and collectively

Peers were satisfied that there are currently three lines of defence in place, although there is potential for improvements to be made in each area.

• First line – Operational - HDC includes identification of risks within annual service plans. At the time of peer’s visit, service plans were being developed. There is a role for the corporate peer challenge to look at these in details to assess this process and ensure the link through to senior management. 
• Second line - Risk, inspection and compliance - Peers were concerned the new risk officer post was not experienced or senior enough to be responsible for this alone. They recommend additional skills and capacity to support development and resilience. 
• Third line - Internal audit - Peers suggested there was further work to do to ensure the IA function had sufficient capacity, could complete the recommended actions from the previous review, and was focussed on the core activity of the service and prioritising higher risk areas as identified by the risk register. 

4.6 The effectiveness and independence of the Corporate Governance Committee including consideration of the committees’ terms of reference

It was positive to see the CGC had completed their first self-assessment and agreed a process for doing this in future. Peers encourage the committee to produce an action plan to increase the lower scores from the self-assessment which will assist in strategic improvements and identification of ongoing goals for the audit committee as a basis for good governance practice.

Holding pre-meetings ahead of the CGC to discuss areas of focus was recognised as good practice and peers encourage this to continue.

At the time of the review, the council still needed to adopt the Cipfa best practice terms of reference for audit committees. Peers were told this was being discussed at the next CGC meeting. It was disappointing to hear this hadn’t been done yet as it would have been an easy recommendation to implement from the previous audit review. 

Another recommendation from the 2022 audit review was to review the role of CGC. This had not been completed to date and peers had a number of further reflections on this for the council to consider. They believe:

• The CGC remit is too broad and HDC should consider other committees/working groups to review areas such as the constitution, standards and electoral arrangements which are not a usual function of CGCs.
• After reducing the scope of the committee there is an opportunity to rename it to clarify its purpose. For example, Audit, Risk and Governance. A quick look at other councils will provide a number of options. 
• The membership of the CGC is too large. In addition, the committee is about to appoint one or two independent members which will increase its numbers further. Peers advise the size of the committee is reviewed in line with best practice and to accommodate the new independent members. A quick look at other councils will provide a number of options.

4.7 The scope and quality of Head of Internal Audit reports to the Corporate Governance Committee

Once these actions have been addressed, peers recommend a skills analysis is completed of all CGC members which is followed by a tailored training and development plan to support members in the best ways possible to undertake their roles. 

The East of England has an audit forum which all chairs of Audit are invited to. It provides a place where Audit Committee chairs can come together and discuss issues of common concern, identify and share best practice, alert each other to emerging issues and, for newly appointed chairs, to pick up tips from more experienced colleagues. HDC have a place on the forum and peers encourage the chair/vice chair to attend as many meetings as possible to increase awareness of practice elsewhere in the region.

Concerns had been raised at HDC regarding amendments being made to the head of internal audit (HIA) reports ahead of the CGC. Peers confirmed that it is common practice for HIA reports to be reviewed by SLT ahead of CGC and this helps to ensure there is collective ownership across the senior management. 

Discussing this issue with members and officers and reviewing the reports, peers felt there were no material changes made to the core HIA report, moreover, the issue seems to be a misperception in the reports purpose. There is a confusion of responsibilities between the HIA role and other statutory roles and a lack of completeness in some areas of core information. In addition, the concerns raised about changes arise in relation to elements which are not core to the HIA report.

Reports are currently too broad and lack the detail required for members to see what is on track, overdue, who is responsible and what level of priority is assigned. Peers suggest the following improvements are made:  

• Progress against the internal audit plan – to help the CGC see whether IA are on track to deliver their annual plan, more information about the state of progress in completing audits against original plans needs to be provided. 
• Tracking of audit actions/ overdue audit actions and the service progress update – it would be normal practice for the HIA report to list this/ previous years’ IA reports with the original recommendation, the priority assigned to it, the management response and date for implementation/ officer responsible for implementation, with further management updates, clearly headed as such, where actions are overdue. 
• A summary at the start of the table about the number of management actions overdue would-be good practice. In the HDC report it’s not fully clear which are the audit recommendations, and which are the management responses/updates. 
• An update on resources available would normally be focused on any impacts on the team’s ability to deliver the IA plan. 
• There should be separate processes for management responses to be agreed (and updates on delays to implementation) which the HIA would include in their report.

There are elements of the HDC report which are not standard parts of a HIA report and do not relate to the IA plan:

• Significant issues and updates
• Governance updates
• Peer review on governance action plan
• External governance developments

4.8 The effectiveness of management’s response to internal audit findings and recommendations

In most cases these would come under the heading of a governance improvement plan/action plan arising from an annual governance statement. As such, while the HIA would contribute to them, they should not be the sole officer responsible for them and it’s therefore more appropriate that such work is reported separately and is a joint effort, with normal processes of contributions and review by relevant officers such as the MO or S151. 

Examples of best practice HIA reports were put forward as part of the previous audit review. Further examples are:

Northwest Leicestershire

Tunbridge Wells

Thanet

Peers recommend the council reviews these to produce a version which suits their needs and presents this to the next CGC.

In discussion with managers, it became clear that there needs to be more input from them into the IA forward plan/strategic and audit plan. Making it a more collaborative process will help with the organisations understanding and recognition of the value of IA. Very few, if any officers attend the CGC to report on their outstanding audit recommendations. It should be common practice for officers to provide an update to members on the reasons for non-completion and to explain the steps being taken to rectify.

The council is currently undertaking its annual service planning process which made it difficult for peers to ascertain the role of IA and the relationship to managers. Peers propose the CPC in May looks at the following areas in more detail:

• Review the effectiveness and operation of the internal boards under SLT – for example, is the assurance board monitoring outstanding audit recommendations?
• Assess the link between service planning, risk identification (and the internal audit forward plan), mitigations, resource allocation.
• Consider how annual service plans support the production of a three-yearly IA plan with a detailed annual plan.

4.9 Member understanding of the respective roles and responsibilities of members and officers with reference to the constitution.

The development of the Annual Governance Statement (AGS) by the S151 officer is accepted practice and IA should feed their comments into this through the HIA Annual Opinion. 

To avoid any confusion, where SLT disagree on IA recommendations there needs to be a mechanism for escalation to CGC for wider context. Being transparent about this will aid the understanding of members of the wider organisational issues. 

The audit review recommended a number of actions relating to good governance:

• HIA, MO and S151 to meet regularly to raise and resolve concerns.
• Carry out a governance review as part of establishing the new management team.
• Joint training for members and officers on good governance. 

4.10. Areas for the Corporate Peer Challenge to review

Peers understand that meetings take place between statutory officers, but the other recommendations are yet to be completed and the recommend these are actioned with pace.

Some member induction took place two years ago when the new administration was elected. It was challenging time for all, with many councillors new to the council and their additional roles. It was evident to peers that the council needs to invest in clarity of roles and responsibilities particularly with regard governance and audit. HDC do have member job descriptions which could be refreshed to support members in all roles. There are many examples already in the public domain that can help with this.  

Training and development were themes mentioned to peers by everyone they spoke with. There was a recognition that two years into running the council lots had been learned but there was always something new to learn especially as legislation and the external political environment was forever changing. Peers recommend a four-year member training plan is developed with member input which supports councillors from induction through to the next election.

In addition, officer induction and management training need to include information about working in a political environment and supporting committees as well as the impacts a change of control situation can have on a council. Officers need to quickly understand what information is available for all members, the administration and the opposition and this can be hard to identify at first.

Peers also recommend HDC takes a look at its constitution. If it is not feasible to do a full review, consider a staged approach to working through sections with a member working group to build confidence in the process and work within the capacity of the council.

1. Completion of actions from the Audit review – March 2023
2. Review the extent to which the IA plan is appropriately informed by risk.
3. Revisit the effectiveness of the three lines of defence, individually and collectively.
4. Review the effectiveness and operation of the internal boards under SLT – for example, is the assurance board monitoring outstanding audit recommendations?
5. Assess the link between service planning, risk identification and the internal audit forward plan.
6. Consider how annual service plans support the production of a three-yearly IA plan with a detailed annual plan.
7. Extent to which the recommendations from this review have been acted upon.

It is recognised that senior political and managerial leadership will want to consider, discuss and reflect on these findings. 

Both the peer team and LGA are keen to build on the relationships formed through the peer challenge. The CPC process includes a progress review within twelve months of the CPC, which provides space for the council’s senior leadership to update peers on its progress against the recommendations from this report.

In the meantime, Rachel Litherland, Principal Adviser for the east of England, is the main contact between your authority and the Local Government Association and is available to discuss any further support required: [email protected]